You have all of 127.0.0.0/8 as a loopback; I hope it doesn't hard-code 127.0.0.1...

bzbarsky · on Dec 15, 2020

"localhost" is hardcoded to resolve to "127.0.0.1" (ignoring IPv6 for now).

The "is secure context" state applies to 127.0.0.0/8 (again ignoring IPv6). See NetAddr::IsLoopBackAddressWithoutIPv6Mapping in https://searchfox.org/mozilla-central/source/netwerk/dns/DNS...

I'm pretty sure all of this is clearly specified at this point, so browsers should end up all aligning on a common behavior here at some point, if they haven't yet.